package com.example.securitydemo.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.security.Principal;

@RestController
@RequestMapping("test")
public class MyController {

    // 权限

    @GetMapping
    public String test(){
        return "test";
    }


    //
    @Secured("ROLE_admin") // user 的 角色
    @GetMapping("testSecured")
    public String testSecured(){
        return "testSecured";
    }



    @PreAuthorize("hasRole('user')") // [ROLE_user]
    @GetMapping("testPreAuth")
    public String testPreAuth(){
        return "testPreAuth";
    }

    @PreAuthorize("hasAuthority('user')") //【user】
    @GetMapping("testPreAuth1")
    public String testPreAuth1(){
        return "testPreAuth1";
    }


}
